Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2022-29974

    AMI (aka American Megatrends) NTFS driver 1.0.0 (fixed in late 2021 or early 2022) has a buffer overflow. This driver is, for example, used in certain ASUS devices.... Read more

    Affected Products :
    • Published: Dec. 09, 2024
    • Modified: Dec. 12, 2024

  • 5.4

    MEDIUM
    CVE-2024-54935

    A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message_teacher_to_student.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter.... Read more

    Affected Products : e-learning_management_system
    • Published: Dec. 09, 2024
    • Modified: Dec. 11, 2024

  • 9.8

    CRITICAL
    CVE-2024-54933

    Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_content.php.... Read more

    Affected Products : e-learning_management_system
    • Published: Dec. 09, 2024
    • Modified: Dec. 12, 2024

  • 9.8

    CRITICAL
    CVE-2024-54930

    Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_student.php.... Read more

    Affected Products : e-learning_management_system
    • Published: Dec. 09, 2024
    • Modified: Dec. 12, 2024

  • 9.8

    CRITICAL
    CVE-2024-54922

    A SQL Injection was found in /admin/edit_user.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the firstname, lastname, and username parameters.... Read more

    Affected Products : e-learning_management_system
    • Published: Dec. 09, 2024
    • Modified: Dec. 12, 2024

  • 7.8

    HIGH
    CVE-2024-11608

    A maliciously crafted SKP file, when linked or imported into Autodesk Revit, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of t... Read more

    Affected Products : revit
    • Published: Dec. 09, 2024
    • Modified: Aug. 26, 2025

  • 7.8

    HIGH
    CVE-2024-11454

    A maliciously crafted DLL file, when placed in the same directory as an RVT file could be loaded by Autodesk Revit, and execute arbitrary code in the context of the current process due to an untrusted search patch being utilized.... Read more

    Affected Products : revit
    • Published: Dec. 09, 2024
    • Modified: Aug. 26, 2025

  • 5.5

    MEDIUM
    CVE-2024-11268

    A maliciously crafted PDF file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash or could lead to an arbitrary memory leak.... Read more

    Affected Products : revit
    • Published: Dec. 09, 2024
    • Modified: Aug. 18, 2025

  • 9.8

    CRITICAL
    CVE-2024-54926

    A SQL Injection vulnerability was found in /search_class.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the school_year parameter.... Read more

    Affected Products : e-learning_management_system
    • Published: Dec. 09, 2024
    • Modified: Dec. 11, 2024

  • 7.5

    HIGH
    CVE-2024-53450

    RAGFlow 0.13.0 suffers from improper access control in document-hooks.ts, allowing unauthorized access to user documents.... Read more

    Affected Products : ragflow
    • Published: Dec. 09, 2024
    • Modified: Jul. 10, 2025

  • 8.1

    HIGH
    CVE-2024-45761

    Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper input validation vulnerability. A remote low-privileged malicious user could potentially exploit this vulnerability to load any web plugins or Java class leading to th... Read more

    • Published: Dec. 09, 2024
    • Modified: Feb. 04, 2025

  • 8.8

    HIGH
    CVE-2024-45760

    Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper access control vulnerability. A remote low privileged user could potentially exploit this vulnerability via the HTTP GET method leading to unauthorized action with ele... Read more

    • Published: Dec. 09, 2024
    • Modified: Feb. 04, 2025

  • 4.8

    MEDIUM
    CVE-2023-43962

    Cross Site Scripting vulnerability in Xunrui CMS Public Edition v.4.6.1 allows a remote attacker to execute arbitrary code via the project name function in the project settings tab.... Read more

    Affected Products :
    • Published: Dec. 09, 2024
    • Modified: Dec. 12, 2024

  • 9.8

    CRITICAL
    CVE-2022-38946

    Arbitrary File Upload vulnerability in Doctor-Appointment version 1.0 in /Frontend/signup_com.php, allows attackers to execute arbitrary code.... Read more

    Affected Products : doctor-appointment
    • Published: Dec. 09, 2024
    • Modified: May. 17, 2025

  • 9.1

    CRITICAL
    CVE-2024-40583

    Pentaminds CuroVMS v2.0.1 was discovered to contain exposed credentials.... Read more

    Affected Products : curovms
    • Published: Dec. 09, 2024
    • Modified: Apr. 17, 2025

  • 7.5

    HIGH
    CVE-2024-40582

    Pentaminds CuroVMS v2.0.1 was discovered to contain exposed sensitive information.... Read more

    Affected Products : curovms
    • Published: Dec. 09, 2024
    • Modified: Apr. 17, 2025

  • 9.8

    CRITICAL
    CVE-2022-38947

    SQL Injection vulnerability in Flipkart-Clone-PHP version 1.0 in entry.php in product_title parameter, allows attackers to execute arbitrary code.... Read more

    Affected Products : flipkart-clone-php
    • Published: Dec. 09, 2024
    • Modified: May. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-54920

    A SQL Injection vulnerability was found in /teacher_signup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the firstname, lastname, and class_id par... Read more

    Affected Products : e-learning_management_system
    • Published: Dec. 09, 2024
    • Modified: Mar. 20, 2025

  • 5.4

    MEDIUM
    CVE-2024-54919

    A Stored Cross Site Scripting (XSS ) was found in /teacher_avatar.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary java script via the filename parameter.... Read more

    Affected Products : e-learning_management_system
    • Published: Dec. 09, 2024
    • Modified: Dec. 10, 2024

  • 6.5

    MEDIUM
    CVE-2024-49603

    Dell PowerScale OneFS Versions 8.2.2.x through 9.9.0.x contain an incorrect specified argument vulnerability. A remote low privileged legitimate user could potentially exploit this vulnerability, leading to information disclosure.... Read more

    Affected Products : powerscale_onefs
    • Published: Dec. 09, 2024
    • Modified: Jan. 09, 2025
Showing 20 of 291946 Results